CVE Database

4411+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-39361
3.1 LOW

Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which …

Jul 3, 2024
CVE-2024-39353
2.7 LOW

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access …

Jul 3, 2024
CVE-2024-36257
2.7 LOW

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting …

Jul 3, 2024
CVE-2024-39324
3.8 LOW

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a …

Jul 2, 2024
CVE-2024-36278
3.3 LOW

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

Jul 2, 2024
CVE-2024-31071
3.3 LOW

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

Jul 2, 2024
CVE-2023-35022
3.3 LOW

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: …

Jun 30, 2024
CVE-2024-6415
2.4 LOW

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of …

Jun 30, 2024
CVE-2024-39846
3.5 LOW

NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, …

Jun 29, 2024
CVE-2024-39307
3.5 LOW

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize …

Jun 28, 2024
CVE-2024-39302
3.7 LOW

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file …

Jun 28, 2024
CVE-2024-38531
3.6 LOW

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and …

Jun 28, 2024
CVE-2024-30135
3.3 LOW

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.

Jun 28, 2024
CVE-2024-30111
3.3 LOW

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device …

Jun 28, 2024
CVE-2024-30110
3.7 LOW

HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a …

Jun 28, 2024
CVE-2024-30109
3.7 LOW

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers …

Jun 28, 2024
CVE-2024-37137
3.8 LOW

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit …

Jun 28, 2024
CVE-2024-6374
3.5 LOW

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of …

Jun 27, 2024
CVE-2024-39157
3.8 LOW

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.

Jun 27, 2024
CVE-2024-39156
3.8 LOW

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.

Jun 27, 2024
CVE-2024-6370
3.5 LOW

A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the …

Jun 27, 2024
CVE-2024-6369
3.5 LOW

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot of the component POST …

Jun 27, 2024
CVE-2024-6368
3.5 LOW

A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of …

Jun 27, 2024
CVE-2024-6367
3.5 LOW

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the …

Jun 27, 2024
CVE-2024-4011
3.1 LOW

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from …

Jun 27, 2024
CVE-2024-39458
3.1 LOW

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets …

Jun 26, 2024
CVE-2024-25637
3.1 LOW

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped …

Jun 26, 2024
CVE-2024-6344
2.4 LOW

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration …

Jun 26, 2024
CVE-2024-28830
2.7 LOW

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written …

Jun 26, 2024
CVE-2024-37141
3.5 LOW

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially …

Jun 26, 2024
CVE-2024-29177
2.7 LOW

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged …

Jun 26, 2024
CVE-2024-24764
3.5 LOW

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL …

Jun 26, 2024
CVE-2024-38364
2.6 LOW

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to …

Jun 26, 2024
CVE-2023-37541
3.5 LOW

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.

Jun 25, 2024
CVE-2024-6300
3.7 LOW

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

Jun 25, 2024
CVE-2024-32855
3.8 LOW

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this …

Jun 25, 2024
CVE-2024-6295
3.9 LOW

udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker …

Jun 25, 2024
CVE-2024-6294
3.9 LOW

udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical …

Jun 25, 2024
CVE-2024-4839
3.3 LOW

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic …

Jun 24, 2024
CVE-2024-3121
3.3 LOW

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in …

Jun 24, 2024
CVE-2024-4841
3.3 LOW

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 …

Jun 23, 2024
CVE-2024-6267
2.4 LOW

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file …

Jun 23, 2024
CVE-2024-6252
2.4 LOW

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the …

Jun 22, 2024
CVE-2024-6251
2.4 LOW

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the component New …

Jun 22, 2024
CVE-2022-44593
3.7 LOW

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.

Jun 21, 2024
CVE-2024-38388
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the …

Jun 21, 2024
CVE-2024-6212
3.5 LOW

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the …

Jun 21, 2024
CVE-2024-38361
3.7 LOW

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has …

Jun 20, 2024
CVE-2024-6182
3.5 LOW

A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y. The …

Jun 20, 2024
CVE-2024-6181
3.5 LOW

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. The manipulation …

Jun 20, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.